What we do if a password returns as true, is we then make a note in the DB for the user to change his password when they log in, or else, when they first log in and register as md5, automatically change them to the more secure version using the plain text password they entered on login..

It’s simple, but makes things easier.. Also handy for more than just password checking..